Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Some Trojan.


  • This topic is locked This topic is locked
11 replies to this topic

#1 LfBella

LfBella

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 31 July 2010 - 08:15 PM

I know that I have some type of Trojan but I am not sure how to fix it.
One issue is that in the Task Manager I constantly notice a system process usually svchost running 4000k or more.
I haven't been able to update my Adaware.
One problem with Norton is even though I have it configured to start at start up it does not and Windows Security Alert acknowledges it there but says it doesn't know its status.
I was able to update Norton once after I went trough the start-up through bleeping computers and unchecked most processes and I believe I deleted at lease 2 of them but don't remember what they were.
The update for Norton was the virus definitions which after the update Norton said it was a Trojan and that it couldn't Quarantine or Fix it. I not sure of the exact name of the error message since when it was up I coped and pasted it and was running search results on it to try and fix it. Norton was popping up with the same message about every 5 secs.
I believe the Trojan shut down the system and Norton, when it loaded backup Norton had no pop ups, it's update was gone and the system scans come up with 0 errors.

Sorry so long, any help would be great. I have been trying to fix this non stop for the last 3 days and have almost run out of ideas of how to fix.





DDS (Ver_10-03-17.01) - NTFSx86
Run by mitchell runsvold at 22:38:50.09 on Fri 07/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.40 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\mitchell runsvold\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://start.earthlink.net
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
BHO: AutorunsDisabled - No File
BHO: {c385ad06-5127-c1c6-2e76-e10cb7dde87f} - ec8252d6
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: EarthLink Toolbar: {d7f30b62-8269-41af-9539-b2697fa7d77e} - c:\program files\earthlink totalaccess\PnEL.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Nuclear Games Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...mp;n=2010031513
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Refresh Pa&ge with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-image.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} - hxxps://bp.weberhs.org/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224290684439
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {FB9695CC-E15E-4CE1-BB2F-0ADC73F937DD} = 207.69.188.185 207.69.188.186
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mitche~1\applic~1\mozilla\firefox\profiles\jbqajfcv.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
FF - component: c:\documents and settings\mitchell runsvold\application data\mozilla\firefox\profiles\jbqajfcv.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}\components\Engine.dll
FF - plugin: c:\documents and settings\mitchell runsvold\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100728.002\naveng.sys [2010-7-28 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100728.002\navex15.sys [2010-7-28 1362608]
R3 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S4 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
S4 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
S4 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
S4 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2009-7-7 98984]
S4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]

=============== Created Last 30 ================

2010-07-31 04:01:24 20 ----a-w- c:\documents and settings\mitchell runsvold\defogger_reenable
2010-07-31 01:17:16 0 d-----w- c:\program files\Disable Startup
2010-07-31 00:45:22 81920 ----a-w- c:\windows\system32\Startup.cpl
2010-07-30 23:59:24 0 d-----w- c:\program files\Ask.com
2010-07-30 01:01:32 0 d-----w- c:\docume~1\mitche~1\applic~1\IObit
2010-07-30 01:01:31 0 d-----w- c:\program files\IObit
2010-07-29 21:14:07 0 d-----w- c:\program files\Free Window Registry Repair
2010-07-28 18:30:37 0 d-----w- c:\windows\system32\NtmsData
2010-07-26 23:43:28 0 d-----w- c:\program files\Rosetta Stone
2010-07-26 17:58:46 0 ----a-w- c:\windows\system32\F0D.tmp
2010-07-24 17:11:36 0 --sha-w- c:\windows\system32\4F7.tmp
2010-07-23 22:51:51 57 ----a-w- c:\windows\system32\4c710584
2010-07-23 03:54:57 317440 ----a-w- c:\windows\system32\inseng32.dll
2010-07-23 02:16:43 317440 ----a-w- c:\windows\system32\dpnaddr32.dll
2010-07-14 07:26:19 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 01:41:59 0 d-----w- c:\program files\iPod
2010-07-11 01:40:58 0 d-----w- c:\program files\iTunes
2010-07-11 01:22:54 0 d-----w- c:\program files\Bonjour
2010-07-09 21:25:32 0 d-----w- c:\docume~1\mitche~1\applic~1\EleFun Games

==================== Find3M ====================

2010-05-31 02:11:08 87 -c--a-w- c:\documents and settings\mitchell runsvold\jagex_runescape_preferences2.dat
2010-05-31 01:33:48 43 -c--a-w- c:\documents and settings\mitchell runsvold\jagex__preferences3.dat
2010-05-31 01:33:33 42 -c--a-w- c:\documents and settings\mitchell runsvold\jagex_runescape_preferences.dat
2010-05-18 22:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 22:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 22:39:48.76 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:22 PM

Posted 09 August 2010 - 10:50 AM

Hello LfBella, My name is Syler and I will be helping you to solve your malware issues. Sorry for the delay
in replying, we are very busy at the moment.

Please note because we are very busy, if I don't hear from you within 5 days the topic will be closed, If you
have since resolved your issues I would appreciate if you would let me no so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • MBAM log
  • RKUnHooker report
  • OTL.txt
  • Extra.txt

Thanks

unite.jpg


#3 LfBella

LfBella
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 10 August 2010 - 02:08 PM

Hi Syler,
Thank you for your help.
I was unable to get the update for Malwarebytes' Anti-Malware, both before the scan or after.
I received this error message:
An error has occurred. Please report this error code to our support team.
MDAM_ERROR_UPDATING (12002, 0, WinHttpQueryDataAvailable)

And here are the logs

MBAM.log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2010 8:57:47 PM
mbam-log-2010-08-09 (20-57-47).txt

Scan type: Quick scan
Objects scanned: 133591
Time elapsed: 17 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 125
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00627871-8244-4619-9f7c-b2ab8777b566} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00627871-8244-4619-9f7c-b2ab8777b566} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a51ef1-5734-4926-aba8-7a73be911ad0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a51ef1-5734-4926-aba8-7a73be911ad0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{047adea0-dbe1-4e41-b7e7-bd56dd8d9654} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{047adea0-dbe1-4e41-b7e7-bd56dd8d9654} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{082a13b0-d84d-4ea4-8381-aa16dfc63bb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{082a13b0-d84d-4ea4-8381-aa16dfc63bb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d8c32cd-ccae-492a-b361-15e4395eeeb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0d8c32cd-ccae-492a-b361-15e4395eeeb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e191d53-d6d3-47ae-a8e6-0c572a4142d0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e191d53-d6d3-47ae-a8e6-0c572a4142d0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10bbb0a1-ffe8-4948-9231-f07670808e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10bbb0a1-ffe8-4948-9231-f07670808e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33196d47-00b0-4129-a430-a428c51c6d7b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{33196d47-00b0-4129-a430-a428c51c6d7b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f870c2-abe5-48d5-927f-51cd6516adb4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{39f870c2-abe5-48d5-927f-51cd6516adb4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d697dd1-6c9e-451f-8767-4d5d738c99eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3d697dd1-6c9e-451f-8767-4d5d738c99eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4177759a-b2bd-4a7e-a94e-0cadb7361db0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4177759a-b2bd-4a7e-a94e-0cadb7361db0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{447bf0c8-c1e9-4f75-ad52-6a0fe2b8969d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{447bf0c8-c1e9-4f75-ad52-6a0fe2b8969d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{536dad1a-28b3-47b6-a0bb-d4d901a96010} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{536dad1a-28b3-47b6-a0bb-d4d901a96010} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53f2c206-b2a2-4a78-9ec3-aec51adfd086} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53f2c206-b2a2-4a78-9ec3-aec51adfd086} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6506e7ce-98d3-4e9e-a4ec-df0a1985fad9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6506e7ce-98d3-4e9e-a4ec-df0a1985fad9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73dbf013-2a62-43eb-bf59-8d2701b015cd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73dbf013-2a62-43eb-bf59-8d2701b015cd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75a6eaec-fa7a-4552-a106-b8d8609a5927} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{75a6eaec-fa7a-4552-a106-b8d8609a5927} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77f00858-0e65-4f50-b1a3-a0c8319c9a60} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77f00858-0e65-4f50-b1a3-a0c8319c9a60} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bab237e-008c-4af9-8386-185e5587fd70} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bab237e-008c-4af9-8386-185e5587fd70} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7eed6ee4-42a8-41de-b262-a85893391709} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7eed6ee4-42a8-41de-b262-a85893391709} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c04c99c-4d17-4699-9f85-51e94cacac39} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c04c99c-4d17-4699-9f85-51e94cacac39} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f49142f-7494-4982-a042-6ff34a5d0d53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f49142f-7494-4982-a042-6ff34a5d0d53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f9502d4-9d2f-4330-a4c0-81254bc8fcd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f9502d4-9d2f-4330-a4c0-81254bc8fcd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{945b4b20-6050-4611-873e-1de3b761602d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{945b4b20-6050-4611-873e-1de3b761602d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3883dee-5f8c-41d3-9c1c-d11a1058a3f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3883dee-5f8c-41d3-9c1c-d11a1058a3f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5388b6e-cc06-4447-8a11-79fc5acdb155} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5388b6e-cc06-4447-8a11-79fc5acdb155} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ac268d8b-8d79-4a64-82bc-eb8db0257581} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac268d8b-8d79-4a64-82bc-eb8db0257581} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{acf38aa9-f286-43a0-929c-9bd428375815} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{acf38aa9-f286-43a0-929c-9bd428375815} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aed5da66-319e-4577-b50b-3b2d9f58c0eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aed5da66-319e-4577-b50b-3b2d9f58c0eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e1854f-4431-4270-9e54-bfd9d3ac36a4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b2e1854f-4431-4270-9e54-bfd9d3ac36a4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b905f93f-15b7-49b5-b3b1-6f349ed28e48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b905f93f-15b7-49b5-b3b1-6f349ed28e48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0e13797-ed17-4d9d-90ab-f6d550f20ce0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c0e13797-ed17-4d9d-90ab-f6d550f20ce0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7a5863a-2346-48c8-a0c6-34d39db14ebd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7a5863a-2346-48c8-a0c6-34d39db14ebd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec31739a-9d5d-41db-9d87-5aad877c64e7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec31739a-9d5d-41db-9d87-5aad877c64e7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0228d29-5088-4abe-a07e-69723a213f1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0228d29-5088-4abe-a07e-69723a213f1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5611285-2e3a-472f-909a-6a026596b316} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f5611285-2e3a-472f-909a-6a026596b316} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f7ce6246-d027-4541-b6db-9fd64ce30ca7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f7ce6246-d027-4541-b6db-9fd64ce30ca7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffdd1d0d-4e93-4e8c-aa44-7fe2309f66a8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ffdd1d0d-4e93-4e8c-aa44-7fe2309f66a8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00627871-8244-4619-9f7c-b2ab8777b566} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a51ef1-5734-4926-aba8-7a73be911ad0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{047adea0-dbe1-4e41-b7e7-bd56dd8d9654} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{082a13b0-d84d-4ea4-8381-aa16dfc63bb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0d8c32cd-ccae-492a-b361-15e4395eeeb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e191d53-d6d3-47ae-a8e6-0c572a4142d0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10bbb0a1-ffe8-4948-9231-f07670808e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33196d47-00b0-4129-a430-a428c51c6d7b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39f870c2-abe5-48d5-927f-51cd6516adb4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3d697dd1-6c9e-451f-8767-4d5d738c99eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4177759a-b2bd-4a7e-a94e-0cadb7361db0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{447bf0c8-c1e9-4f75-ad52-6a0fe2b8969d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{536dad1a-28b3-47b6-a0bb-d4d901a96010} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53f2c206-b2a2-4a78-9ec3-aec51adfd086} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6506e7ce-98d3-4e9e-a4ec-df0a1985fad9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73dbf013-2a62-43eb-bf59-8d2701b015cd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75a6eaec-fa7a-4552-a106-b8d8609a5927} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77f00858-0e65-4f50-b1a3-a0c8319c9a60} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7bab237e-008c-4af9-8386-185e5587fd70} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7eed6ee4-42a8-41de-b262-a85893391709} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c04c99c-4d17-4699-9f85-51e94cacac39} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f49142f-7494-4982-a042-6ff34a5d0d53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f9502d4-9d2f-4330-a4c0-81254bc8fcd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{945b4b20-6050-4611-873e-1de3b761602d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3883dee-5f8c-41d3-9c1c-d11a1058a3f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a5388b6e-cc06-4447-8a11-79fc5acdb155} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ac268d8b-8d79-4a64-82bc-eb8db0257581} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{acf38aa9-f286-43a0-929c-9bd428375815} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aed5da66-319e-4577-b50b-3b2d9f58c0eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2e1854f-4431-4270-9e54-bfd9d3ac36a4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b905f93f-15b7-49b5-b3b1-6f349ed28e48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c0e13797-ed17-4d9d-90ab-f6d550f20ce0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7a5863a-2346-48c8-a0c6-34d39db14ebd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ec31739a-9d5d-41db-9d87-5aad877c64e7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0228d29-5088-4abe-a07e-69723a213f1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f5611285-2e3a-472f-909a-6a026596b316} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffdd1d0d-4e93-4e8c-aa44-7fe2309f66a8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\inseng32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnaddr32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
:


RKUnHooker report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8058C63A-->E1E01CB8 [Unknown module filename]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x827CCA00 [4] System
0x8233C020 [272] C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation, Content Index service)
0x825D0860 [332] C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation, Windows NT DDE Server)
0x82321DA0 [344] C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x825D17A8 [376] C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation, Virus Definition Daemon)
0x822E7DA0 [408] C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc., Activation Licensing Service)
0x8261BC38 [436] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x82668B98 [468] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x826855A0 [484] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x82551020 [508] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x82387DA0 [552] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x82387978 [564] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x822CA3B8 [692] C:\WINDOWS\system32\imapi.exe (Microsoft Corporation, Image Mastering API)
0x8252ABF0 [724] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82525DA0 [772] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x826AB020 [812] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x822BD020 [944] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x824E3728 [956] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82580568 [976] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82568BE0 [1012] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x825337B8 [1060] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8253C310 [1116] C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation, Common Client Settings Manager Service)
0x82380DA0 [1180] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation, Common Client Event Manager Service)
0x82359C08 [1300] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x825E0DA0 [1348] C:\WINDOWS\system32\scardsvr.exe (Microsoft Corporation, Smart Card Resource Management Server)
0x825DE020 [1400] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x822B6AC8 [1432] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x82353A08 [1436] C:\WINDOWS\system32\netdde.exe (Microsoft Corporation, Network DDE - DDE Communication)
0x8234E760 [1480] C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation, MS DTC console program)
0x823AA6A8 [1548] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x82345230 [1560] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x823A44B0 [1584] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x822B1B28 [1656] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
0x822EE5F8 [1832] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x822F1528 [1916] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation, Common Client User Session)
0x822E1C78 [1940] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x822DE6B0 [1956] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc., -)
0xFFA58708 [1976] C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe (Visual Networks, IP Session Statistics)
0x82314020 [1996] C:\Program Files\iConcepts Music Express\MEAutoDetect.exe (-, MEAutoDetect MFC Application)
0x822268A8 [2052] C:\WINDOWS\system32\HPZipm12.exe (HP, PML Driver)
0x825D4608 [2136] C:\WINDOWS\system32\locator.exe (Microsoft Corporation, Rpc Locator)
0x82206B28 [2168] C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec, SAVRoam)
0x821F7390 [2224] C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation, Network Driver Service)
0x821EE500 [2292] C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc., SupportSoft Agent Service)
0x821E8020 [2324] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x821E0DA0 [2352] C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc., SureThing Labelflash Disc Printer Service Module)
0x821FF8B0 [2396] C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x821C8070 [2404] C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x821B2760 [2436] C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation, Symantec AntiVirus)
0xFF998DA0 [2468] C:\Documents and Settings\mitchell runsvold\My Documents\Downloads\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x821853E0 [2672] C:\WINDOWS\system32\vssvc.exe (Microsoft Corporation, Microsoft® Volume Shadow Copy Service)
0x82177DA0 [2780] C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation, Windows Live Setup Service)
0x8215EC78 [2868] C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation, WMI Performance Adapter Service)
0x82159218 [2896] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x8214D020 [2940] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc., AutoUpater Service Module)
0x82141DA0 [3012] C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software, Logical Disk Manager service process)
0x821A6DA0 [3244] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x8219B020 [3400] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x82529778 [3404] C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation, Indexing Service filter daemon)
0x82215A70 [3412] C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd., DevLdr32)
0x8230BDA0 [3460] C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6DDA000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100728.002\navex15.sys 1359872 bytes (Symantec Corporation, AV Engine)
0xF8F27000 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys 610304 bytes (LT, LT Windows Modem)
0xF97D7000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF8A63000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF8D92000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF8B9B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF78D5000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF6F26000 C:\Program Files\Symantec AntiVirus\savrt.sys 323584 bytes (Symantec Corporation, AutoProtect)
0xF8EE1000 C:\WINDOWS\system32\drivers\emu10k1m.sys 286720 bytes (Creative Technology Ltd., Creative SB Live! Adapter Driver)
0xF7A6C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF8B5B000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 262144 bytes (Symantec Corporation, Network Dispatch Driver)
0xF98E3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF8018000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF97AA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF58A0000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF8AD3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF8B20000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF8A3D000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF8EBD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF8E62000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF8E9A000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF8AFE000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF987B000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF98B3000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF9790000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF989B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF9864000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF8E4B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7E23000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6DC6000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100728.002\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xF8E86000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF8C27000 C:\WINDOWS\System32\drivers\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF8BF4000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF8B48000 C:\Program Files\Symantec\SYMEVENT.SYS 77824 bytes (Symantec Corporation, Symantec Event Library)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF98D2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8E3A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7875000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 65536 bytes (Symantec Corporation, SAVRTPEL)
0xF9B92000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF9B72000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7F70000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF9A02000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF9932000 fjcvv.sys 57344 bytes
0xF9982000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF9BA2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF9962000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF99D2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF99A2000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF9AD2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF9952000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF99C2000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF9942000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF9A12000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF9992000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF99F2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF9972000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF9B02000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF9B62000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF99E2000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF9AA2000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF718D000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF9B82000 C:\WINDOWS\system32\drivers\sfmanm.sys 36864 bytes (Creative Technology Ltd., SoundFont® Manager)
0xF9AE2000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF9CAA000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF9D22000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF9D3A000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF9CB2000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF9D0A000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF9BB2000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF9BD2000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF9BDA000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF9CDA000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF9CE2000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF9CA2000 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xF9CBA000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF9D12000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF9CFA000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF9D1A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF9BBA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF9CCA000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF9CD2000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF9CC2000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF9C4A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF704D000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF9DF6000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8FD8000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF9753000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF8419000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF9E2E000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF9D42000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8C5F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBFF50000 C:\WINDOWS\System32\framebuf.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xF9E2A000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF9DEE000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF9DFA000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF975B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8FC4000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79F8000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 12288 bytes (Symantec Corporation, Redirector Filter Driver)
0xF9E5A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF9E48000 C:\WINDOWS\system32\drivers\ctlfacem.sys 8192 bytes (Creative Technology Ltd., Creative SB Live! Interface Driver)
0xF9E58000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF9E36000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF9E32000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF9E5C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF9EDE000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF9E5E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF9E4A000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF9E4C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF9E34000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xFA054000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xFA053000 C:\WINDOWS\system32\DRIVERS\ctljystk.sys 4096 bytes (Creative Technology Ltd., Creative Joyport Enabler)
0xF9F54000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF9F5F000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\System Volume Information\catalog.wci\00010002.ci
!-->[Hidden] C:\System Volume Information\catalog.wci\00010002.dir
!-->[Hidden] C:\System Volume Information\catalog.wci\CiFLfffc.000
!-->[Hidden] C:\System Volume Information\catalog.wci\CiFLfffc.001
!-->[Hidden] C:\System Volume Information\catalog.wci\CiFLfffc.002
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[1832]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1832]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1832]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1832]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1832]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1832]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1832]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


OTL.txt


OTL logfile created on: 8/9/2010 11:21:55 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\mitchell runsvold\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 45.00% Memory free
619.00 Mb Paging File | 188.00 Mb Available in Paging File | 30.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.47 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER-BE4EE1
Current User Name: mitchell runsvold
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/09 23:20:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mitchell runsvold\My Documents\Downloads\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 11:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/10 13:37:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/14 04:44:29 | 000,374,104 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe
PRC - [2006/02/28 06:00:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmine.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/04 18:12:42 | 000,921,600 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
PRC - [2004/03/12 16:18:06 | 000,169,192 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2004/03/12 16:17:46 | 001,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/03/12 16:17:10 | 000,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/03/11 15:58:32 | 000,193,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/02/29 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/02/29 17:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/02/29 17:44:46 | 000,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 23:20:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mitchell runsvold\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/10 13:37:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/12 16:18:06 | 000,169,192 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 16:17:46 | 001,221,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 16:17:10 | 000,029,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 15:58:32 | 000,193,760 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 17:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 17:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/08/01 12:44:16 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/28 02:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100728.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/28 02:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100728.002\NAVENG.SYS -- (NAVENG)
DRV - [2008/07/11 12:30:06 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/04/17 14:30:08 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/18 16:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008/02/08 12:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/03/30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/11 15:58:10 | 000,263,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/03/11 15:58:08 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/05 00:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 16:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 16:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2001/08/17 15:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/17 07:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]

IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\URLSearchHook: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\URLSearchHook: ~00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-1637723038-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 F1 65 BB 4A 3D CA 01 [binary data]
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net?cid=NET_mmhpset"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {771f3037-9885-4423-b50f-a5ede4854e26}:1.300.306
FF - prefs.js..extensions.enabledItems: {324fb49c-b6b6-4507-96b9-695abcdbbc4c}:1.0
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/04 19:51:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 17:29:32 | 000,000,000 | ---D | M]

[2010/03/03 22:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Extensions
[2010/03/03 22:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/09 15:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions
[2010/08/09 15:56:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{324fb49c-b6b6-4507-96b9-695abcdbbc4c}
[2010/06/29 12:33:46 | 000,000,000 | ---D | M] (InboxDollars) -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
[2010/03/08 21:53:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/19 10:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\gamebox@toolbar
[2009/03/25 13:36:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\ask.xml
[2010/07/30 20:13:39 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\askcom.xml
[2010/05/24 21:03:38 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\daemon-search.xml
[2008/12/12 12:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\MySpace.xml
[2010/06/29 12:34:17 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\search-the-web.xml
[2010/08/09 10:30:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 13:10:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/02/28 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PnIEBrowserHelperObj Class) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O2 - BHO: (ec8252d6) - {C385AD06-5127-C1C6-2E76-E10CB7DDE87F} - Reg Error: Value error. File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-602162358-1637723038-725345543-1004..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc.)
O4 - HKU\S-1-5-21-602162358-1637723038-725345543-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} https://bp.weberhs.org/BusinessPortal/UI/Re...ebBehaviors.cab (CHListFactory Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/pcpitstop.cab (PCPitstop Utility)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1224290684439 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\9cf10283971: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/16 23:55:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b167ef8-d4c8-11dd-8e03-00c0a8812b35}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\Shell - "" = AutoRun
O33 - MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\Shell\AutoRun\command - "" = G:\ATTPreCopy.exe -- File not found
O33 - MountPoints2\{a12fa324-505f-11de-8e55-00c0a8812b35}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{a9e8f3db-a92f-11dd-8dd9-00c0a8812b35}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/08/09 18:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Application Data\Malwarebytes
[2010/08/09 18:58:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/09 18:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/09 18:58:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/09 18:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/07 14:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\House
[2010/08/02 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/02 13:44:10 | 000,000,000 | ---D | C] -- C:\NSS
[2010/08/01 22:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\NewPics
[2010/08/01 13:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/07/30 19:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Disable Startup
[2010/07/30 18:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\StartupCPL
[2010/07/29 19:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Application Data\IObit
[2010/07/29 19:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/07/29 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/07/28 12:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\Autoruns
[2010/07/28 12:30:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/27 21:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\BamBam Transfer
[2010/07/14 01:26:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/09 21:00:54 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/09 21:00:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 21:00:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 20:58:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\ntuser.ini
[2010/08/09 20:58:41 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\mitchell runsvold\NTUSER.DAT
[2010/08/09 20:58:32 | 006,968,550 | -H-- | M] () -- C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\IconCache.db
[2010/08/09 18:58:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 14:27:00 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\defogger_reenable
[2010/08/07 19:11:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/07 18:03:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/05 13:52:23 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 03:01:52 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/02 18:59:33 | 001,634,502 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns1.arn
[2010/08/01 23:46:09 | 000,141,339 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\Cookbook.docx
[2010/08/01 14:08:25 | 000,013,761 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\VirusInstructions1.docx
[2010/08/01 13:03:12 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/08/01 12:44:16 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/01 01:33:30 | 000,220,448 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Desktop\elmo.jpg
[2010/07/30 22:38:00 | 000,017,673 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\website.docx
[2010/07/30 20:28:57 | 001,595,454 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns.arn
[2010/07/30 18:04:31 | 000,033,626 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Tiger.jpg
[2010/07/29 15:14:09 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Free Window Registry Repair.lnk
[2010/07/28 18:15:32 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971P.manifest
[2010/07/28 15:03:13 | 000,000,195 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971O.manifest
[2010/07/28 15:03:13 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971C.manifest
[2010/07/28 15:03:13 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971S.manifest
[2010/07/27 21:47:10 | 000,012,023 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\KSLAds.docx
[2010/07/27 00:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/26 15:07:03 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\4c710584
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/09 18:58:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 14:26:24 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\defogger_reenable
[2010/08/03 03:01:48 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/02 18:59:32 | 001,634,502 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns1.arn
[2010/08/01 14:35:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\log.txt
[2010/08/01 14:08:24 | 000,013,761 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\VirusInstructions1.docx
[2010/08/01 13:03:11 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/08/01 01:26:13 | 000,220,448 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\Desktop\elmo.jpg
[2010/07/30 21:33:19 | 000,017,673 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\website.docx
[2010/07/30 18:45:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2010/07/30 18:04:28 | 000,033,626 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Tiger.jpg
[2010/07/30 12:50:19 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\All Users\lxdu.log
[2010/07/29 15:14:09 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Free Window Registry Repair.lnk
[2010/07/28 14:45:27 | 001,595,454 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns.arn
[2010/07/28 00:42:47 | 000,141,339 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\Cookbook.docx
[2010/07/23 16:51:51 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\4c710584
[2010/07/22 20:16:41 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971S.manifest
[2010/07/22 20:16:40 | 000,000,195 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971O.manifest
[2010/07/22 20:16:40 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971C.manifest
[2010/07/22 20:16:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971P.manifest
[2010/05/25 13:11:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/10/12 18:45:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/02 19:39:37 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/06/19 22:49:34 | 000,046,346 | ---- | C] () -- C:\WINDOWS\System32\SmrtDrive.dll
[2008/11/21 15:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/19 00:17:09 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/19 00:17:07 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/18 22:27:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/23 14:35:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/10/18 20:18:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/10/17 18:20:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\smqh4f1.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/02/28 06:00:00 | 000,000,340 | ---- | C] () -- C:\WINDOWS\System32\gya13hg.dll
[2006/02/28 06:00:00 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2006/02/28 06:00:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/02/28 06:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\p055jok.dll
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 18:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/10/16 17:34:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/10/16 17:34:47 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/10/16 17:34:47 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
< End of report >



Estra.txt

OTL Extras logfile created on: 8/9/2010 11:21:55 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\mitchell runsvold\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 45.00% Memory free
619.00 Mb Paging File | 188.00 Mb Available in Paging File | 30.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.47 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER-BE4EE1
Current User Name: mitchell runsvold
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- Reg Error: Value error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Disabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Disabled:McAfee Framework Service -- File not found
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:TaskPanl -- (EarthLink, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Shell -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{25F9791C-B446-462D-BDC6-F95BCBB81851}" = EarthLink Spyware Blocker
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 20
"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A011F38-2F3B-484F-9595-E8462430F0BF}" = ELNBonus
"{2F72E05E-2371-4C05-9091-B643A9456267}" = EarthLink Setup
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41FDADBB-CF11-499E-9D74-28C2180ADD26}" = EarthLink Redistributed
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50915408-4940-4C36-B4CC-0D9944FA4C59}" = EarthLink FastLane
"{51487A3E-7A7D-46D8-B7E5-7F85B57B8C2F}" = EarthLink Common
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62329568-19B5-43CF-9524-3EE4DD709D01}" = EarthLink Toolbar
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79500098-252F-47C3-B773-E6EFEBBD1D92}" = EarthLink Update Manager
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{80AB2E5F-C850-4928-BCBF-5AA15D1AFA5F}" = Deal Info
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89C43B94-02D9-47CB-A338-8CEC0E70F638}" = EarthLink MailBox
"{8C9F3D47-7E45-48FD-B6ED-C2350E582BB8}_is1" = Disable Startup 1.2
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}" = EarthLink TaskPanel
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D9C3CDEB-BC7F-4CB3-BC92-719B365DF28E}" = EarthLink IM
"{DBDB8C5A-E0B9-4C10-A649-59D962E3A07F}" = EarthLink Webspace
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F1606F09-06FD-4C39-AC2F-7BCE56206990}" = EarthLink Accelerator
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
"4PLAY 5.0" = 4PLAY 5.0
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX Setup
"EarthLink TotalAccess 2004" = EarthLink Software
"ffdshow_is1" = ffdshow [rev 2280] [2008-11-02]
"Free Window Registry Repair" = Free Window Registry Repair
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.4.8
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Music Express_is1" = Music Express 4.26
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.4.6
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photags Music Express" = iConcepts Music Express
"PROPLUS" = Microsoft Office Professional Plus 2007
"Risk II_is1" = Risk II
"VLC media player" = VLC media player 0.9.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
"Zoo Vet 2 - Endangered Animals 1.00" = Zoo Vet 2 - Endangered Animals 1.00
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2010 10:36:06 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 8/4/2010 10:39:24 PM | Computer Name = JENNIFER-BE4EE1 | Source = Application Error | ID = 1000
Description = Faulting application taskpanl.exe, version 2005.1.57.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/8/2010 3:01:19 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 236: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/9/2010 5:11:49 PM | Computer Name = JENNIFER-BE4EE1 | Source = Application Error | ID = 1000
Description = Faulting application taskpanl.exe, version 2005.1.57.0, faulting module
unknown, version 0.0.0.0, fault address 0x00746c6f.

Error - 8/9/2010 10:44:44 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 8/9/2010 10:44:44 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

[ Application Events ]
Error - 8/4/2010 10:36:06 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 8/4/2010 10:39:24 PM | Computer Name = JENNIFER-BE4EE1 | Source = Application Error | ID = 1000
Description = Faulting application taskpanl.exe, version 2005.1.57.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/8/2010 3:01:19 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 236: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/9/2010 5:11:49 PM | Computer Name = JENNIFER-BE4EE1 | Source = Application Error | ID = 1000
Description = Faulting application taskpanl.exe, version 2005.1.57.0, faulting module
unknown, version 0.0.0.0, fault address 0x00746c6f.

Error - 8/9/2010 10:44:44 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 8/9/2010 10:44:44 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

[ OSession Events ]
Error - 2/14/2010 10:18:34 PM | Computer Name = JENNIFER-BE4EE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14140
seconds with 3360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/9/2010 10:38:00 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7000
Description = The lxdu_device service failed to start due to the following error:
%%2

Error - 8/9/2010 10:38:00 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 8/9/2010 11:00:39 PM | Computer Name = JENNIFER-BE4EE1 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 8/9/2010 11:01:18 PM | Computer Name = JENNIFER-BE4EE1 | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 8/9/2010 11:01:28 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 8/9/2010 11:01:28 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Password Validation
service to connect.

Error - 8/9/2010 11:01:28 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7000
Description = The lxdu_device service failed to start due to the following error:
%%2

Error - 8/9/2010 11:01:28 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 8/10/2010 1:22:30 AM | Computer Name = JENNIFER-BE4EE1 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 8/10/2010 1:22:30 AM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >


#4 LfBella

LfBella
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 10 August 2010 - 02:09 PM

Hi Syler,
Thank you for your help.
I was unable to get the update for Malwarebytes' Anti-Malware, both before the scan or after.
I received this error message:
An error has occurred. Please report this error code to our support team.
MDAM_ERROR_UPDATING (12002, 0, WinHttpQueryDataAvailable)

And here are the logs

MBAM.log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2010 8:57:47 PM
mbam-log-2010-08-09 (20-57-47).txt

Scan type: Quick scan
Objects scanned: 133591
Time elapsed: 17 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 125
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00627871-8244-4619-9f7c-b2ab8777b566} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00627871-8244-4619-9f7c-b2ab8777b566} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a51ef1-5734-4926-aba8-7a73be911ad0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a51ef1-5734-4926-aba8-7a73be911ad0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{047adea0-dbe1-4e41-b7e7-bd56dd8d9654} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{047adea0-dbe1-4e41-b7e7-bd56dd8d9654} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{082a13b0-d84d-4ea4-8381-aa16dfc63bb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{082a13b0-d84d-4ea4-8381-aa16dfc63bb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d8c32cd-ccae-492a-b361-15e4395eeeb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0d8c32cd-ccae-492a-b361-15e4395eeeb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e191d53-d6d3-47ae-a8e6-0c572a4142d0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e191d53-d6d3-47ae-a8e6-0c572a4142d0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10bbb0a1-ffe8-4948-9231-f07670808e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10bbb0a1-ffe8-4948-9231-f07670808e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33196d47-00b0-4129-a430-a428c51c6d7b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{33196d47-00b0-4129-a430-a428c51c6d7b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f870c2-abe5-48d5-927f-51cd6516adb4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{39f870c2-abe5-48d5-927f-51cd6516adb4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d697dd1-6c9e-451f-8767-4d5d738c99eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3d697dd1-6c9e-451f-8767-4d5d738c99eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4177759a-b2bd-4a7e-a94e-0cadb7361db0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4177759a-b2bd-4a7e-a94e-0cadb7361db0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{447bf0c8-c1e9-4f75-ad52-6a0fe2b8969d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{447bf0c8-c1e9-4f75-ad52-6a0fe2b8969d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{536dad1a-28b3-47b6-a0bb-d4d901a96010} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{536dad1a-28b3-47b6-a0bb-d4d901a96010} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53f2c206-b2a2-4a78-9ec3-aec51adfd086} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53f2c206-b2a2-4a78-9ec3-aec51adfd086} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6506e7ce-98d3-4e9e-a4ec-df0a1985fad9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6506e7ce-98d3-4e9e-a4ec-df0a1985fad9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73dbf013-2a62-43eb-bf59-8d2701b015cd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73dbf013-2a62-43eb-bf59-8d2701b015cd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75a6eaec-fa7a-4552-a106-b8d8609a5927} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{75a6eaec-fa7a-4552-a106-b8d8609a5927} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77f00858-0e65-4f50-b1a3-a0c8319c9a60} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77f00858-0e65-4f50-b1a3-a0c8319c9a60} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bab237e-008c-4af9-8386-185e5587fd70} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bab237e-008c-4af9-8386-185e5587fd70} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7eed6ee4-42a8-41de-b262-a85893391709} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7eed6ee4-42a8-41de-b262-a85893391709} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c04c99c-4d17-4699-9f85-51e94cacac39} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c04c99c-4d17-4699-9f85-51e94cacac39} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f49142f-7494-4982-a042-6ff34a5d0d53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f49142f-7494-4982-a042-6ff34a5d0d53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f9502d4-9d2f-4330-a4c0-81254bc8fcd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f9502d4-9d2f-4330-a4c0-81254bc8fcd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{945b4b20-6050-4611-873e-1de3b761602d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{945b4b20-6050-4611-873e-1de3b761602d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3883dee-5f8c-41d3-9c1c-d11a1058a3f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3883dee-5f8c-41d3-9c1c-d11a1058a3f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5388b6e-cc06-4447-8a11-79fc5acdb155} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5388b6e-cc06-4447-8a11-79fc5acdb155} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ac268d8b-8d79-4a64-82bc-eb8db0257581} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac268d8b-8d79-4a64-82bc-eb8db0257581} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{acf38aa9-f286-43a0-929c-9bd428375815} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{acf38aa9-f286-43a0-929c-9bd428375815} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aed5da66-319e-4577-b50b-3b2d9f58c0eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aed5da66-319e-4577-b50b-3b2d9f58c0eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e1854f-4431-4270-9e54-bfd9d3ac36a4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b2e1854f-4431-4270-9e54-bfd9d3ac36a4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b905f93f-15b7-49b5-b3b1-6f349ed28e48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b905f93f-15b7-49b5-b3b1-6f349ed28e48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0e13797-ed17-4d9d-90ab-f6d550f20ce0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c0e13797-ed17-4d9d-90ab-f6d550f20ce0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7a5863a-2346-48c8-a0c6-34d39db14ebd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7a5863a-2346-48c8-a0c6-34d39db14ebd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec31739a-9d5d-41db-9d87-5aad877c64e7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec31739a-9d5d-41db-9d87-5aad877c64e7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0228d29-5088-4abe-a07e-69723a213f1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0228d29-5088-4abe-a07e-69723a213f1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5611285-2e3a-472f-909a-6a026596b316} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f5611285-2e3a-472f-909a-6a026596b316} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f7ce6246-d027-4541-b6db-9fd64ce30ca7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f7ce6246-d027-4541-b6db-9fd64ce30ca7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffdd1d0d-4e93-4e8c-aa44-7fe2309f66a8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ffdd1d0d-4e93-4e8c-aa44-7fe2309f66a8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00627871-8244-4619-9f7c-b2ab8777b566} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a51ef1-5734-4926-aba8-7a73be911ad0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{047adea0-dbe1-4e41-b7e7-bd56dd8d9654} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{082a13b0-d84d-4ea4-8381-aa16dfc63bb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0d8c32cd-ccae-492a-b361-15e4395eeeb3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e191d53-d6d3-47ae-a8e6-0c572a4142d0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10bbb0a1-ffe8-4948-9231-f07670808e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33196d47-00b0-4129-a430-a428c51c6d7b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39f870c2-abe5-48d5-927f-51cd6516adb4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3d697dd1-6c9e-451f-8767-4d5d738c99eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4177759a-b2bd-4a7e-a94e-0cadb7361db0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{447bf0c8-c1e9-4f75-ad52-6a0fe2b8969d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{536dad1a-28b3-47b6-a0bb-d4d901a96010} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53f2c206-b2a2-4a78-9ec3-aec51adfd086} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6506e7ce-98d3-4e9e-a4ec-df0a1985fad9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73dbf013-2a62-43eb-bf59-8d2701b015cd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75a6eaec-fa7a-4552-a106-b8d8609a5927} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77f00858-0e65-4f50-b1a3-a0c8319c9a60} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7bab237e-008c-4af9-8386-185e5587fd70} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7eed6ee4-42a8-41de-b262-a85893391709} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c04c99c-4d17-4699-9f85-51e94cacac39} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f49142f-7494-4982-a042-6ff34a5d0d53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f9502d4-9d2f-4330-a4c0-81254bc8fcd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{945b4b20-6050-4611-873e-1de3b761602d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3883dee-5f8c-41d3-9c1c-d11a1058a3f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a5388b6e-cc06-4447-8a11-79fc5acdb155} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ac268d8b-8d79-4a64-82bc-eb8db0257581} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{acf38aa9-f286-43a0-929c-9bd428375815} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aed5da66-319e-4577-b50b-3b2d9f58c0eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2e1854f-4431-4270-9e54-bfd9d3ac36a4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b905f93f-15b7-49b5-b3b1-6f349ed28e48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c0e13797-ed17-4d9d-90ab-f6d550f20ce0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7a5863a-2346-48c8-a0c6-34d39db14ebd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ec31739a-9d5d-41db-9d87-5aad877c64e7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0228d29-5088-4abe-a07e-69723a213f1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f5611285-2e3a-472f-909a-6a026596b316} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffdd1d0d-4e93-4e8c-aa44-7fe2309f66a8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\inseng32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnaddr32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
:


RKUnHooker report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8058C63A-->E1E01CB8 [Unknown module filename]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x827CCA00 [4] System
0x8233C020 [272] C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation, Content Index service)
0x825D0860 [332] C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation, Windows NT DDE Server)
0x82321DA0 [344] C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x825D17A8 [376] C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation, Virus Definition Daemon)
0x822E7DA0 [408] C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc., Activation Licensing Service)
0x8261BC38 [436] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x82668B98 [468] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x826855A0 [484] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x82551020 [508] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x82387DA0 [552] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x82387978 [564] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x822CA3B8 [692] C:\WINDOWS\system32\imapi.exe (Microsoft Corporation, Image Mastering API)
0x8252ABF0 [724] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82525DA0 [772] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x826AB020 [812] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x822BD020 [944] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x824E3728 [956] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82580568 [976] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82568BE0 [1012] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x825337B8 [1060] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8253C310 [1116] C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation, Common Client Settings Manager Service)
0x82380DA0 [1180] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation, Common Client Event Manager Service)
0x82359C08 [1300] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x825E0DA0 [1348] C:\WINDOWS\system32\scardsvr.exe (Microsoft Corporation, Smart Card Resource Management Server)
0x825DE020 [1400] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x822B6AC8 [1432] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x82353A08 [1436] C:\WINDOWS\system32\netdde.exe (Microsoft Corporation, Network DDE - DDE Communication)
0x8234E760 [1480] C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation, MS DTC console program)
0x823AA6A8 [1548] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x82345230 [1560] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x823A44B0 [1584] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x822B1B28 [1656] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
0x822EE5F8 [1832] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x822F1528 [1916] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation, Common Client User Session)
0x822E1C78 [1940] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x822DE6B0 [1956] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc., -)
0xFFA58708 [1976] C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe (Visual Networks, IP Session Statistics)
0x82314020 [1996] C:\Program Files\iConcepts Music Express\MEAutoDetect.exe (-, MEAutoDetect MFC Application)
0x822268A8 [2052] C:\WINDOWS\system32\HPZipm12.exe (HP, PML Driver)
0x825D4608 [2136] C:\WINDOWS\system32\locator.exe (Microsoft Corporation, Rpc Locator)
0x82206B28 [2168] C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec, SAVRoam)
0x821F7390 [2224] C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation, Network Driver Service)
0x821EE500 [2292] C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc., SupportSoft Agent Service)
0x821E8020 [2324] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x821E0DA0 [2352] C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc., SureThing Labelflash Disc Printer Service Module)
0x821FF8B0 [2396] C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x821C8070 [2404] C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x821B2760 [2436] C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation, Symantec AntiVirus)
0xFF998DA0 [2468] C:\Documents and Settings\mitchell runsvold\My Documents\Downloads\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x821853E0 [2672] C:\WINDOWS\system32\vssvc.exe (Microsoft Corporation, Microsoft® Volume Shadow Copy Service)
0x82177DA0 [2780] C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation, Windows Live Setup Service)
0x8215EC78 [2868] C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation, WMI Performance Adapter Service)
0x82159218 [2896] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x8214D020 [2940] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc., AutoUpater Service Module)
0x82141DA0 [3012] C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software, Logical Disk Manager service process)
0x821A6DA0 [3244] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x8219B020 [3400] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x82529778 [3404] C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation, Indexing Service filter daemon)
0x82215A70 [3412] C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd., DevLdr32)
0x8230BDA0 [3460] C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6DDA000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100728.002\navex15.sys 1359872 bytes (Symantec Corporation, AV Engine)
0xF8F27000 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys 610304 bytes (LT, LT Windows Modem)
0xF97D7000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF8A63000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF8D92000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF8B9B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF78D5000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF6F26000 C:\Program Files\Symantec AntiVirus\savrt.sys 323584 bytes (Symantec Corporation, AutoProtect)
0xF8EE1000 C:\WINDOWS\system32\drivers\emu10k1m.sys 286720 bytes (Creative Technology Ltd., Creative SB Live! Adapter Driver)
0xF7A6C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF8B5B000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 262144 bytes (Symantec Corporation, Network Dispatch Driver)
0xF98E3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF8018000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF97AA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF58A0000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF8AD3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF8B20000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF8A3D000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF8EBD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF8E62000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF8E9A000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF8AFE000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF987B000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF98B3000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF9790000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF989B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF9864000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF8E4B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7E23000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6DC6000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100728.002\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xF8E86000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF8C27000 C:\WINDOWS\System32\drivers\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF8BF4000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF8B48000 C:\Program Files\Symantec\SYMEVENT.SYS 77824 bytes (Symantec Corporation, Symantec Event Library)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF98D2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8E3A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7875000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 65536 bytes (Symantec Corporation, SAVRTPEL)
0xF9B92000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF9B72000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7F70000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF9A02000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF9932000 fjcvv.sys 57344 bytes
0xF9982000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF9BA2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF9962000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF99D2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF99A2000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF9AD2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF9952000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF99C2000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF9942000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF9A12000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF9992000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF99F2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF9972000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF9B02000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF9B62000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF99E2000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF9AA2000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF718D000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF9B82000 C:\WINDOWS\system32\drivers\sfmanm.sys 36864 bytes (Creative Technology Ltd., SoundFont® Manager)
0xF9AE2000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF9CAA000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF9D22000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF9D3A000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF9CB2000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF9D0A000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF9BB2000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF9BD2000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF9BDA000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF9CDA000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF9CE2000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF9CA2000 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xF9CBA000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF9D12000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF9CFA000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF9D1A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF9BBA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF9CCA000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF9CD2000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF9CC2000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF9C4A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF704D000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF9DF6000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8FD8000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF9753000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF8419000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF9E2E000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF9D42000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8C5F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBFF50000 C:\WINDOWS\System32\framebuf.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xF9E2A000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF9DEE000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF9DFA000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF975B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8FC4000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79F8000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 12288 bytes (Symantec Corporation, Redirector Filter Driver)
0xF9E5A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF9E48000 C:\WINDOWS\system32\drivers\ctlfacem.sys 8192 bytes (Creative Technology Ltd., Creative SB Live! Interface Driver)
0xF9E58000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF9E36000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF9E32000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF9E5C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF9EDE000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF9E5E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF9E4A000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF9E4C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF9E34000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xFA054000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xFA053000 C:\WINDOWS\system32\DRIVERS\ctljystk.sys 4096 bytes (Creative Technology Ltd., Creative Joyport Enabler)
0xF9F54000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF9F5F000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\System Volume Information\catalog.wci\00010002.ci
!-->[Hidden] C:\System Volume Information\catalog.wci\00010002.dir
!-->[Hidden] C:\System Volume Information\catalog.wci\CiFLfffc.000
!-->[Hidden] C:\System Volume Information\catalog.wci\CiFLfffc.001
!-->[Hidden] C:\System Volume Information\catalog.wci\CiFLfffc.002
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[1832]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1832]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1832]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1832]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1832]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1832]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1832]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


OTL.txt


OTL logfile created on: 8/9/2010 11:21:55 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\mitchell runsvold\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 45.00% Memory free
619.00 Mb Paging File | 188.00 Mb Available in Paging File | 30.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.47 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER-BE4EE1
Current User Name: mitchell runsvold
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/09 23:20:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mitchell runsvold\My Documents\Downloads\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 11:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/10 13:37:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/14 04:44:29 | 000,374,104 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe
PRC - [2006/02/28 06:00:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmine.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/04 18:12:42 | 000,921,600 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
PRC - [2004/03/12 16:18:06 | 000,169,192 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2004/03/12 16:17:46 | 001,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/03/12 16:17:10 | 000,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/03/11 15:58:32 | 000,193,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/02/29 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/02/29 17:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/02/29 17:44:46 | 000,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 23:20:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mitchell runsvold\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/10 13:37:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/12 16:18:06 | 000,169,192 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 16:17:46 | 001,221,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 16:17:10 | 000,029,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 15:58:32 | 000,193,760 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 17:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 17:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/08/01 12:44:16 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/28 02:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100728.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/28 02:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100728.002\NAVENG.SYS -- (NAVENG)
DRV - [2008/07/11 12:30:06 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/04/17 14:30:08 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/18 16:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008/02/08 12:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/03/30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/11 15:58:10 | 000,263,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/03/11 15:58:08 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/05 00:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 16:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 16:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2001/08/17 15:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/17 07:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]

IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\URLSearchHook: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\URLSearchHook: ~00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-1637723038-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 F1 65 BB 4A 3D CA 01 [binary data]
IE - HKU\S-1-5-21-602162358-1637723038-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net?cid=NET_mmhpset"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {771f3037-9885-4423-b50f-a5ede4854e26}:1.300.306
FF - prefs.js..extensions.enabledItems: {324fb49c-b6b6-4507-96b9-695abcdbbc4c}:1.0
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/04 19:51:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 17:29:32 | 000,000,000 | ---D | M]

[2010/03/03 22:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Extensions
[2010/03/03 22:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/09 15:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions
[2010/08/09 15:56:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{324fb49c-b6b6-4507-96b9-695abcdbbc4c}
[2010/06/29 12:33:46 | 000,000,000 | ---D | M] (InboxDollars) -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
[2010/03/08 21:53:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/19 10:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\gamebox@toolbar
[2009/03/25 13:36:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\ask.xml
[2010/07/30 20:13:39 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\askcom.xml
[2010/05/24 21:03:38 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\daemon-search.xml
[2008/12/12 12:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\MySpace.xml
[2010/06/29 12:34:17 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\search-the-web.xml
[2010/08/09 10:30:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 13:10:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/02/28 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PnIEBrowserHelperObj Class) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O2 - BHO: (ec8252d6) - {C385AD06-5127-C1C6-2E76-E10CB7DDE87F} - Reg Error: Value error. File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-602162358-1637723038-725345543-1004..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc.)
O4 - HKU\S-1-5-21-602162358-1637723038-725345543-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1637723038-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} https://bp.weberhs.org/BusinessPortal/UI/Re...ebBehaviors.cab (CHListFactory Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/pcpitstop.cab (PCPitstop Utility)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1224290684439 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\9cf10283971: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/16 23:55:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b167ef8-d4c8-11dd-8e03-00c0a8812b35}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\Shell - "" = AutoRun
O33 - MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\Shell\AutoRun\command - "" = G:\ATTPreCopy.exe -- File not found
O33 - MountPoints2\{a12fa324-505f-11de-8e55-00c0a8812b35}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{a9e8f3db-a92f-11dd-8dd9-00c0a8812b35}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/08/09 18:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Application Data\Malwarebytes
[2010/08/09 18:58:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/09 18:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/09 18:58:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/09 18:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/07 14:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\House
[2010/08/02 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/02 13:44:10 | 000,000,000 | ---D | C] -- C:\NSS
[2010/08/01 22:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\NewPics
[2010/08/01 13:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/07/30 19:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Disable Startup
[2010/07/30 18:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\StartupCPL
[2010/07/29 19:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Application Data\IObit
[2010/07/29 19:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/07/29 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/07/28 12:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\Autoruns
[2010/07/28 12:30:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/27 21:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\BamBam Transfer
[2010/07/14 01:26:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/09 21:00:54 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/09 21:00:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 21:00:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 20:58:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\ntuser.ini
[2010/08/09 20:58:41 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\mitchell runsvold\NTUSER.DAT
[2010/08/09 20:58:32 | 006,968,550 | -H-- | M] () -- C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\IconCache.db
[2010/08/09 18:58:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 14:27:00 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\defogger_reenable
[2010/08/07 19:11:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/07 18:03:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/05 13:52:23 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 03:01:52 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/02 18:59:33 | 001,634,502 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns1.arn
[2010/08/01 23:46:09 | 000,141,339 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\Cookbook.docx
[2010/08/01 14:08:25 | 000,013,761 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\VirusInstructions1.docx
[2010/08/01 13:03:12 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/08/01 12:44:16 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/01 01:33:30 | 000,220,448 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Desktop\elmo.jpg
[2010/07/30 22:38:00 | 000,017,673 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\website.docx
[2010/07/30 20:28:57 | 001,595,454 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns.arn
[2010/07/30 18:04:31 | 000,033,626 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Tiger.jpg
[2010/07/29 15:14:09 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Free Window Registry Repair.lnk
[2010/07/28 18:15:32 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971P.manifest
[2010/07/28 15:03:13 | 000,000,195 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971O.manifest
[2010/07/28 15:03:13 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971C.manifest
[2010/07/28 15:03:13 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971S.manifest
[2010/07/27 21:47:10 | 000,012,023 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\KSLAds.docx
[2010/07/27 00:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/26 15:07:03 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\4c710584
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/09 18:58:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 14:26:24 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\defogger_reenable
[2010/08/03 03:01:48 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/02 18:59:32 | 001,634,502 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns1.arn
[2010/08/01 14:35:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\log.txt
[2010/08/01 14:08:24 | 000,013,761 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\VirusInstructions1.docx
[2010/08/01 13:03:11 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/08/01 01:26:13 | 000,220,448 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\Desktop\elmo.jpg
[2010/07/30 21:33:19 | 000,017,673 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\website.docx
[2010/07/30 18:45:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2010/07/30 18:04:28 | 000,033,626 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Tiger.jpg
[2010/07/30 12:50:19 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\All Users\lxdu.log
[2010/07/29 15:14:09 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Free Window Registry Repair.lnk
[2010/07/28 14:45:27 | 001,595,454 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns.arn
[2010/07/28 00:42:47 | 000,141,339 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\Cookbook.docx
[2010/07/23 16:51:51 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\4c710584
[2010/07/22 20:16:41 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971S.manifest
[2010/07/22 20:16:40 | 000,000,195 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971O.manifest
[2010/07/22 20:16:40 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971C.manifest
[2010/07/22 20:16:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971P.manifest
[2010/05/25 13:11:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/10/12 18:45:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/02 19:39:37 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/06/19 22:49:34 | 000,046,346 | ---- | C] () -- C:\WINDOWS\System32\SmrtDrive.dll
[2008/11/21 15:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/19 00:17:09 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/19 00:17:07 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/18 22:27:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/23 14:35:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/10/18 20:18:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/10/17 18:20:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\smqh4f1.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/02/28 06:00:00 | 000,000,340 | ---- | C] () -- C:\WINDOWS\System32\gya13hg.dll
[2006/02/28 06:00:00 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2006/02/28 06:00:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/02/28 06:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\p055jok.dll
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 18:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/10/16 17:34:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/10/16 17:34:47 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/10/16 17:34:47 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
< End of report >



Estra.txt

OTL Extras logfile created on: 8/9/2010 11:21:55 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\mitchell runsvold\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 45.00% Memory free
619.00 Mb Paging File | 188.00 Mb Available in Paging File | 30.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.47 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER-BE4EE1
Current User Name: mitchell runsvold
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- Reg Error: Value error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Disabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Disabled:McAfee Framework Service -- File not found
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:TaskPanl -- (EarthLink, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Shell -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{25F9791C-B446-462D-BDC6-F95BCBB81851}" = EarthLink Spyware Blocker
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 20
"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A011F38-2F3B-484F-9595-E8462430F0BF}" = ELNBonus
"{2F72E05E-2371-4C05-9091-B643A9456267}" = EarthLink Setup
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41FDADBB-CF11-499E-9D74-28C2180ADD26}" = EarthLink Redistributed
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50915408-4940-4C36-B4CC-0D9944FA4C59}" = EarthLink FastLane
"{51487A3E-7A7D-46D8-B7E5-7F85B57B8C2F}" = EarthLink Common
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62329568-19B5-43CF-9524-3EE4DD709D01}" = EarthLink Toolbar
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79500098-252F-47C3-B773-E6EFEBBD1D92}" = EarthLink Update Manager
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{80AB2E5F-C850-4928-BCBF-5AA15D1AFA5F}" = Deal Info
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89C43B94-02D9-47CB-A338-8CEC0E70F638}" = EarthLink MailBox
"{8C9F3D47-7E45-48FD-B6ED-C2350E582BB8}_is1" = Disable Startup 1.2
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}" = EarthLink TaskPanel
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D9C3CDEB-BC7F-4CB3-BC92-719B365DF28E}" = EarthLink IM
"{DBDB8C5A-E0B9-4C10-A649-59D962E3A07F}" = EarthLink Webspace
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F1606F09-06FD-4C39-AC2F-7BCE56206990}" = EarthLink Accelerator
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
"4PLAY 5.0" = 4PLAY 5.0
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX Setup
"EarthLink TotalAccess 2004" = EarthLink Software
"ffdshow_is1" = ffdshow [rev 2280] [2008-11-02]
"Free Window Registry Repair" = Free Window Registry Repair
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.4.8
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Music Express_is1" = Music Express 4.26
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.4.6
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photags Music Express" = iConcepts Music Express
"PROPLUS" = Microsoft Office Professional Plus 2007
"Risk II_is1" = Risk II
"VLC media player" = VLC media player 0.9.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
"Zoo Vet 2 - Endangered Animals 1.00" = Zoo Vet 2 - Endangered Animals 1.00
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2010 10:36:06 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 8/4/2010 10:39:24 PM | Computer Name = JENNIFER-BE4EE1 | Source = Application Error | ID = 1000
Description = Faulting application taskpanl.exe, version 2005.1.57.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/8/2010 3:01:19 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 236: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/9/2010 5:11:49 PM | Computer Name = JENNIFER-BE4EE1 | Source = Application Error | ID = 1000
Description = Faulting application taskpanl.exe, version 2005.1.57.0, faulting module
unknown, version 0.0.0.0, fault address 0x00746c6f.

Error - 8/9/2010 10:44:44 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 8/9/2010 10:44:44 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

[ Application Events ]
Error - 8/4/2010 10:36:06 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 8/4/2010 10:39:24 PM | Computer Name = JENNIFER-BE4EE1 | Source = Application Error | ID = 1000
Description = Faulting application taskpanl.exe, version 2005.1.57.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/8/2010 3:01:19 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 236: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/8/2010 3:01:20 AM | Computer Name = JENNIFER-BE4EE1 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/9/2010 5:11:49 PM | Computer Name = JENNIFER-BE4EE1 | Source = Application Error | ID = 1000
Description = Faulting application taskpanl.exe, version 2005.1.57.0, faulting module
unknown, version 0.0.0.0, fault address 0x00746c6f.

Error - 8/9/2010 10:44:44 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 8/9/2010 10:44:44 PM | Computer Name = JENNIFER-BE4EE1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

[ OSession Events ]
Error - 2/14/2010 10:18:34 PM | Computer Name = JENNIFER-BE4EE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14140
seconds with 3360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/9/2010 10:38:00 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7000
Description = The lxdu_device service failed to start due to the following error:
%%2

Error - 8/9/2010 10:38:00 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 8/9/2010 11:00:39 PM | Computer Name = JENNIFER-BE4EE1 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 8/9/2010 11:01:18 PM | Computer Name = JENNIFER-BE4EE1 | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 8/9/2010 11:01:28 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 8/9/2010 11:01:28 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Password Validation
service to connect.

Error - 8/9/2010 11:01:28 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7000
Description = The lxdu_device service failed to start due to the following error:
%%2

Error - 8/9/2010 11:01:28 PM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 8/10/2010 1:22:30 AM | Computer Name = JENNIFER-BE4EE1 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 8/10/2010 1:22:30 AM | Computer Name = JENNIFER-BE4EE1 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >


#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:22 PM

Posted 10 August 2010 - 03:11 PM

Hi LfBella,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
    IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
    IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\URLSearchHook: ~00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-602162358-1637723038-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 F1 65 BB 4A 3D CA 01 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 62 CE F7 27 D0 41 45 B6 DB 9F D6 4C E3 0C A7 [binary data]
    FF - prefs.js..extensions.enabledItems: {324fb49c-b6b6-4507-96b9-695abcdbbc4c}:1.0
    [2010/08/09 15:56:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{324fb49c-b6b6-4507-96b9-695abcdbbc4c
    O2 - BHO: (ec8252d6) - {C385AD06-5127-C1C6-2E76-E10CB7DDE87F} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-602162358-1637723038-725345543-1006\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O20 - Winlogon\Notify\9cf10283971: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O33 - MountPoints2\{0b167ef8-d4c8-11dd-8e03-00c0a8812b35}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe -- File not found
    O33 - MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\Shell - "" = AutoRun
    O33 - MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\Shell\AutoRun\command - "" = G:\ATTPreCopy.exe -- File not found
    O33 - MountPoints2\{a12fa324-505f-11de-8e55-00c0a8812b35}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    O33 - MountPoints2\{a9e8f3db-a92f-11dd-8dd9-00c0a8812b35}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    [2010/07/26 15:07:03 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\4c710584
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe"=-
    "C:\Program Files\MSN Messenger\livecall.exe"=-
    "C:\WINDOWS\explorer.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\explorer.exe"=-
    "C:\WINDOWS\system32\mmc.exe"=-
    :Commands
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box

    cmd /c "%userprofile%\desktop\mbr.exe" -t& start mbr.log

  • Select Run when you recieve a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will the be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log in your next reply.



Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading.
Select Show hidden files and folders.
Then click apply and ok.

Then

Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following files one by one and click Submit.

C:\WINDOWS\System32\p055jok.dll
C:\WINDOWS\System32\gya13hg.dll
C:\WINDOWS\System32\smqh4f1.dll

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • mbr.log
  • Virustotal results

Thanks

Edited by syler, 10 August 2010 - 03:18 PM.

unite.jpg


#6 LfBella

LfBella
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 10 August 2010 - 08:57 PM

OTL results

All processes killed
========== OTL ==========
Service lxdu_device stopped successfully!
Service lxdu_device deleted successfully!
File C:\WINDOWS\System32\lxducoms.exe not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-602162358-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\~00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
Registry value HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\~CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
HKU\S-1-5-21-602162358-1637723038-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Prefs.js: {324fb49c-b6b6-4507-96b9-695abcdbbc4c}:1.0 removed from extensions.enabledItems
Folder C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{324fb49c-b6b6-4507-96b9-695abcdbbc4c\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C385AD06-5127-C1C6-2E76-E10CB7DDE87F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C385AD06-5127-C1C6-2E76-E10CB7DDE87F}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-602162358-1637723038-725345543-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\9cf10283971\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b167ef8-d4c8-11dd-8e03-00c0a8812b35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b167ef8-d4c8-11dd-8e03-00c0a8812b35}\ not found.
File G:\wd_windows_tools\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eadfbe2-6770-11de-8e75-00c0a8812b35}\ not found.
File G:\ATTPreCopy.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a12fa324-505f-11de-8e55-00c0a8812b35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a12fa324-505f-11de-8e55-00c0a8812b35}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9e8f3db-a92f-11dd-8dd9-00c0a8812b35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9e8f3db-a92f-11dd-8dd9-00c0a8812b35}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File E:\setup.exe not found.
C:\WINDOWS\system32\4c710584 moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mmc.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 123487 bytes

User: All Users

User: Claysie
->Temp folder emptied: 140628396 bytes
->Temporary Internet Files folder emptied: 10731249 bytes
->FireFox cache emptied: 48340717 bytes
->Flash cache emptied: 599 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mitchell runsvold
->Temp folder emptied: 35373120 bytes
->Temporary Internet Files folder emptied: 19341972 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40143199 bytes
->Flash cache emptied: 1538 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 115892454 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2157287 bytes
%systemroot%\System32 .tmp files removed: 222208 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 213204 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 27935621 bytes

Total Files Cleaned = 421.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Claysie
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: mitchell runsvold
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08102010_142608

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


New OTL log

OTL logfile created on: 8/10/2010 4:53:31 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\mitchell runsvold\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 111.00 Mb Available Physical Memory | 43.00% Memory free
619.00 Mb Paging File | 260.00 Mb Available in Paging File | 42.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.86 Gb Free Space | 54.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER-BE4EE1
Current User Name: mitchell runsvold
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/09 23:20:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mitchell runsvold\My Documents\Downloads\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/05/10 13:37:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/14 04:44:29 | 000,374,104 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/04 18:12:42 | 000,921,600 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
PRC - [2004/03/12 16:18:06 | 000,169,192 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2004/03/12 16:17:46 | 001,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/03/12 16:17:10 | 000,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/03/11 15:58:32 | 000,193,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/02/29 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/02/29 17:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/02/29 17:44:46 | 000,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 23:20:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mitchell runsvold\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/10 13:37:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/12 16:18:06 | 000,169,192 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 16:17:46 | 001,221,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 16:17:10 | 000,029,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 15:58:32 | 000,193,760 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 17:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 17:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/08/01 12:44:16 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/28 02:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100728.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/28 02:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100728.002\NAVENG.SYS -- (NAVENG)
DRV - [2008/07/11 12:30:06 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/04/17 14:30:08 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/18 16:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008/02/08 12:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/03/30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/11 15:58:10 | 000,263,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/03/11 15:58:08 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/05 00:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 16:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 16:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2001/08/17 15:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/17 07:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\..\URLSearchHook: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net?cid=NET_mmhpset"
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/04 19:51:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 17:29:32 | 000,000,000 | ---D | M]

[2010/03/03 22:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Extensions
[2010/03/03 22:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/10 10:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions
[2010/08/09 15:56:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{324fb49c-b6b6-4507-96b9-695abcdbbc4c}
[2010/06/29 12:33:46 | 000,000,000 | ---D | M] (InboxDollars) -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
[2010/03/08 21:53:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/19 10:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\extensions\gamebox@toolbar
[2009/03/25 13:36:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\ask.xml
[2010/07/30 20:13:39 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\askcom.xml
[2010/05/24 21:03:38 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\daemon-search.xml
[2008/12/12 12:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\MySpace.xml
[2010/08/10 15:28:23 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\Mozilla\Firefox\Profiles\jbqajfcv.default\searchplugins\search-the-web.xml
[2010/08/10 10:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 13:10:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/02/28 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PnIEBrowserHelperObj Class) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKCU..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} https://bp.weberhs.org/BusinessPortal/UI/Re...ebBehaviors.cab (CHListFactory Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/pcpitstop.cab (PCPitstop Utility)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1224290684439 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/16 23:55:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/10 15:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\Bleepingputers1
[2010/08/10 14:26:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/09 18:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Application Data\Malwarebytes
[2010/08/09 18:58:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/09 18:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/09 18:58:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/09 18:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/07 14:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\House
[2010/08/02 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/02 13:44:10 | 000,000,000 | ---D | C] -- C:\NSS
[2010/08/01 22:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\NewPics
[2010/08/01 13:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/07/30 19:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Disable Startup
[2010/07/30 18:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\StartupCPL
[2010/07/29 19:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Application Data\IObit
[2010/07/29 19:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/07/29 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/07/28 12:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\Autoruns
[2010/07/28 12:30:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/27 21:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mitchell runsvold\Desktop\BamBam Transfer
[2010/07/14 01:26:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

========== Files - Modified Within 30 Days ==========

[2010/08/10 15:08:08 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/10 15:07:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/10 15:06:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/10 14:54:13 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\mitchell runsvold\NTUSER.DAT
[2010/08/10 14:53:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\ntuser.ini
[2010/08/09 20:58:32 | 006,968,550 | -H-- | M] () -- C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\IconCache.db
[2010/08/09 18:58:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 14:27:00 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\defogger_reenable
[2010/08/07 19:11:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/07 18:03:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/05 13:52:23 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 03:01:52 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/02 18:59:33 | 001,634,502 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns1.arn
[2010/08/01 23:46:09 | 000,141,339 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\Cookbook.docx
[2010/08/01 14:08:25 | 000,013,761 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\VirusInstructions1.docx
[2010/08/01 13:03:12 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/08/01 12:44:16 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/01 01:33:30 | 000,220,448 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Desktop\elmo.jpg
[2010/07/30 22:38:00 | 000,017,673 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\website.docx
[2010/07/30 20:28:57 | 001,595,454 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns.arn
[2010/07/30 18:04:31 | 000,033,626 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Tiger.jpg
[2010/07/29 15:14:09 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Free Window Registry Repair.lnk
[2010/07/28 18:15:32 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971P.manifest
[2010/07/28 15:03:13 | 000,000,195 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971O.manifest
[2010/07/28 15:03:13 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971C.manifest
[2010/07/28 15:03:13 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971S.manifest
[2010/07/27 21:47:10 | 000,012,023 | ---- | M] () -- C:\Documents and Settings\mitchell runsvold\My Documents\KSLAds.docx
[2010/07/27 00:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll

========== Files Created - No Company Name ==========

[2010/08/09 18:58:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 14:26:24 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\defogger_reenable
[2010/08/03 03:01:48 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/02 18:59:32 | 001,634,502 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns1.arn
[2010/08/01 14:35:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\log.txt
[2010/08/01 14:08:24 | 000,013,761 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\VirusInstructions1.docx
[2010/08/01 13:03:11 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/08/01 01:26:13 | 000,220,448 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\Desktop\elmo.jpg
[2010/07/30 21:33:19 | 000,017,673 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\website.docx
[2010/07/30 18:45:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2010/07/30 18:04:28 | 000,033,626 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Tiger.jpg
[2010/07/30 12:50:19 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\All Users\lxdu.log
[2010/07/29 15:14:09 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\Desktop\Free Window Registry Repair.lnk
[2010/07/28 14:45:27 | 001,595,454 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\AutoRuns.arn
[2010/07/28 00:42:47 | 000,141,339 | ---- | C] () -- C:\Documents and Settings\mitchell runsvold\My Documents\Cookbook.docx
[2010/07/22 20:16:41 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971S.manifest
[2010/07/22 20:16:40 | 000,000,195 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971O.manifest
[2010/07/22 20:16:40 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971C.manifest
[2010/07/22 20:16:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\mitchell runsvold\Application Data\020000007b7dc286971P.manifest
[2010/05/25 13:11:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/10/12 18:45:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/02 19:39:37 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/06/19 22:49:34 | 000,046,346 | ---- | C] () -- C:\WINDOWS\System32\SmrtDrive.dll
[2008/11/21 15:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/19 00:17:09 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/19 00:17:07 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/18 22:27:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/23 14:35:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/10/18 20:18:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/10/17 18:20:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\smqh4f1.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/02/28 06:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/02/28 06:00:00 | 000,000,340 | ---- | C] () -- C:\WINDOWS\System32\gya13hg.dll
[2006/02/28 06:00:00 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2006/02/28 06:00:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/02/28 06:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\p055jok.dll
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
< End of report >


mbr.log


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


Virustotal results



http://www.virustotal.com/file-scan/report...26df-1281490656
http://www.virustotal.com/file-scan/report...c824-1281491324
http://www.virustotal.com/file-scan/report...02fe-1281491532

#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:22 PM

Posted 12 August 2010 - 06:39 AM

Can you tell me how the computer is running now and if their are any more problems?

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then please post back here with the following logs:
  • ESET report
  • New DDS log

Thanks

unite.jpg


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:22 PM

Posted 17 August 2010 - 03:24 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg


#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:22 PM

Posted 23 August 2010 - 06:05 AM

Topic reopened at OP request.

unite.jpg


#10 LfBella

LfBella
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 23 August 2010 - 09:40 PM

New OTL and RKUnhooker attached. Thank you.

Attached Files

  • Attached File  OTL.Txt   65.84KB   2 downloads
  • Attached File  RTF   43.25KB   5 downloads


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:22 PM

Posted 26 August 2010 - 06:00 AM

Hello Jennifer, sorry for the delay.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Then please post back here with GooredFix.txt and Combofix.txt.

Thanks

unite.jpg


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:22 PM

Posted 31 August 2010 - 05:00 AM

Due to the lack of feedback this Topic is closed.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users